ГлавнаяУязвимости → CVE-2024-36048
9.8критическая

CVE-2024-36048

→ есть в БДУ: BDU:2025-08575 (на русском)
Описание (на английском; русское — в БДУ выше)

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.

Затрагиваемое ПО
Qt QtFedoraproject Fedora
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/